Skip to content

[Deepin Integration]~[v25-Release] fix(libssh2): CVE-2026-58051, CVE-2026-58050 - publickey list fixes by deepin-ci-robot@deepin-community/libssh2 by deepin-community-ci-bot[bot] #13543

Description

@deepin-bot

Package information | 软件包信息

包名 版本
libssh2 1.11.1-1+deb13u1deepin2

Package repository address | 软件包仓库地址

deb [trusted=yes] https://ci.deepin.com/repo/obs/deepin:/CI:/TestingIntegration:/test-integration-pr-4222/testing/ ./

Changelog | 更新信息

libssh2 (1.11.1-1+deb13u1deepin2) unstable; urgency=medium

  • CVE-2026-58050: Fix publickey list fetch attribute overflow
    Cap list size at 1024 elements to prevent integer overflow.
  • CVE-2026-58051: Fix publickey list fetch uninitialized entry
    Zero-initialize new list entry after SSH2_REALLOC.

Metadata

Metadata

Labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

Status
In progress

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions